Hi, With TLS 1.3 and others there is possibly a security flaw using ALPN [1].
It seems to me that the ALPN protocol can be bypassed if the client does not correctly inform the ClientHello header. So, the suggestion is to check the ClientHello header in the server and terminate the TLS handshake early. Patch attached. best regards, Ranier Vilela [1] terminate-tlsv1-3-handshake-if-alpn-is-missing <https://stackoverflow.com/questions/77271498/terminate-tlsv1-3-handshake-if-alpn-is-missing>
terminate-tls-handshake-if-no-alpn.patch
Description: Binary data
